Mozilla is still wrestling with adding a security feature to Firefox that its browser rival, Microsoft's Internet Explorer 7, uses on Windows Vista to keep malware from hijacking computers.
In Vista, IE7 uses a technique Microsoft calls Protected Mode -- another name for "low rights" -- that blocks disk access to all but a temporary-files folder. The idea is that if an exploit -- a drive-by download, for instance -- attacks IE7 through a browser vulnerability, it can't install code on the PC's drive.
Last October, after Firefox developers had spent several days at Microsoft's Redmond, Wash., headquarters with the Vista team, a Mozilla engineer said they had come away with thoughts on how Firefox might take advantage of Vista's low-rights features. "We spent a while talking to members of both the UAC team and the IE team about ideas on how to structure our app for the lowest permission level," Vladimir Vukićević wrote at the time in a blog entry.
Now, however, Mozilla seems uncertain about whether that security strategy is smart.
"We're still trying to figure out the mechanics of what we can do and we can't do," acknowledged Mike Conner, director of Firefox development. "And there are two sides to this idea of Protected Mode. Microsoft said it's not a complete security sandbox, and some people are saying if [attackers] can work around it, it's not worth doing.
"The big thing for me is where we draw the convenience vs. security line," he added.
Conner argued that some of Vista's security provisions, including User Account Control (UAC) and low-rights modes, can be sidestepped to one degree or another and only get in the user's way. Last month, for instance, a Symantec researcher published a paper detailing how Vista's UAC could be spoofed by attackers.
"There's a lot of academic research coming out now that [some of these things] don't work," said Conner. "We may end up taking the 'safe enough' approach and implement that."
Firefox 3.0, code-named Gran Paradiso for now, will sport beefed up security when it's unveiled as a final release in the second half of this year. Exactly what form that security will take, however, remains uncertain. "There are a lot of things that we can do on security," said Conner, "but we're still in the discussion phase. None of what we're talking about will take a long time to implement."
The current Firefox 3.0 planning document lists security additions in password and antifraud areas, as well as enhancements to the user interface to make it easier for Web surfers to tell the browser's security status or the validity of a site's certificate.
"We want to create a more effective security UI," said Conner. "The main thing is to figure out who isn't looking at the current clues" for valid certificates. He said some of these UI additions will appear in the Alpha 4 or Alpha 5 editions of Gran Paradiso. (The browser reached Alpha 2 about a month ago.)
The newest production version of Firefox -- 2.0.0.2, which was released late last month -- is "100 percent compatible with Vista," according to Conner.